Symantec recently released another build for their 300 series (320/360) firewall/vpn appliance on 5/2/05 (build 904).
This firmware flash completely hosed what I've narrowed down to be all VPN traffic coming from the WLAN/LAN side to the WLAN/LAN side.
My setup at both locations is to have 1 machine acting as a fileserver (FreeBSD w/samba acting as the master domain controller and WINS server) connected to one of the LAN ports without a VPN connection. The clients are all wireless using Symantec's client VPN 8.0, wireless is restricted to VPN with the 300 firewall as the end-point, and the user gets the IP of the samba server as its WINS server. I've gone as far as setting all the settings to default with 1 VPN client. Connecting works fine, external web works fine, I can ping the firewall (which is also the gateway), but nothing internal. The DNS used is the one from the ISP.
Like I said, all the internal functionality is dead (ssh, filesharing, TCP/IP printing). There were no winbloze updates or Symantec VPN client updates since the change. I've even tried to flash to an older firmware version to no avail. Ethereal shows the packets being sent, but no SYN/ACK packet is coming back for ssh, netbios, etc.
Does anyone have any ideas or debugging tips? I've paid for Symantec's support before and it's beyond horrible (like their documentation).